Postfix with LDAP backend

Although there is a lot of documentation regarding Postfix and OpenLDAP I could not find a complete example.

A good starting point when looking into the integration is Postfix's LDAP_README, which gives at least some basic information.

In this post I’ll show how I managed to combine Postfix with OpenLDAP.

I had the following requirements for my setups:

- Host multiple domains
- Each user can have one or more addresses, not limited to a single domain
- Each user has only one login and mailbox
- Support for catchall

Basics

I assume that you are using Postfix with LDAP support (e.g. the default Debian one) and a simple LDAP schema like this:

Structure:

Users: ou=Users,dc=foobar

Groups: ou=Groups,dc=foobar

Domains: ou=Domains,dc=foobar

User-Attributes:

| Attribute | Usage | Cardinality |
|---|---|---|
| cn | Login | 1 |
| maildrop | Main Mailbox | 1 |
| mailacceptinggeneralid | Mail Alias | * |

To simplify the post, I’ll replace some values with variables:

| Variable | Example |
|---|---|
| {{ ldap_bind_dn }} | cn=postfix,ou=Applications,dc=foobar |
| {{ ldap_bind_pw }} | foobar123 |
| {{ ldap_host }} | ldaps://ldap.foobar:636 |
| {{ ldap_base }} | dc=foobar |
| {{ ldap_user_base }} | ou=Users,dc=foobar |
| {{ ldap_domains_base }} | ou=Domains,dc=foobar |

Setup Postfix

First of all, we have to tell Postfix how logins, aliases, domains and recipients are handled.

For each of those mappings we have to create a file in /etc/postfix/ldap:

Logins

The smtpd_sender_login_maps configuration performs a lookup from an incoming email-recipient to a username. Postfix first performs a full lookup on user@domain, then on user, and then on @domain. The last of these is also used for catchalls, where the mailacceptinggeneralid is set to e.g. @foobar.com.
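The lookup order described above, modelled in Python as an added example (not from the original post and not Postfix code). The directory entries are constructed, and the function names and the single-attribute filter are assumptions for illustration; the post's own map file may use a different filter.

```python
# Added illustration: models the lookup order against constructed entries.
# It does not talk to Postfix or to an LDAP server.

# Constructed sample entries using the post's attributes.
ENTRIES = [
    {"cn": "alice", "maildrop": "alice",
     "mailacceptinggeneralid": ["alice@foobar.com", "sales@example.org"]},
    {"cn": "bob", "maildrop": "bob",
     # "@foobar.com" is the catch-all alias for the whole domain.
     "mailacceptinggeneralid": ["bob@foobar.com", "@foobar.com"]},
]


def lookup_keys(address):
    """Keys in the order the post describes: user@domain, user, @domain."""
    user, sep, domain = address.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError(f"not a user@domain address: {address!r}")
    return [f"{user}@{domain}", user, f"@{domain}"]


def ldap_filter(key):
    """Filter for one key (assumed shape), with the key escaped per RFC 4515
    so that characters such as '*' or ')' stay literal."""
    escaped = "".join(
        f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in key)
    return f"(mailacceptinggeneralid={escaped})"


def resolve_logins(address, entries=ENTRIES):
    """Try each key in order; return (logins, filters tried so far).

    The first key that matches wins, so an exact alias takes precedence
    over a catch-all entry for the same domain.
    """
    tried = []
    for key in lookup_keys(address):
        tried.append(ldap_filter(key))
        logins = [e["cn"] for e in entries
                  if key in e["mailacceptinggeneralid"]]
        if logins:
            return logins, tried
    return [], tried
```

An address that only matches the catch-all costs three lookups before it resolves to the catch-all owner's login, and that login is returned for every otherwise unknown address in the domain.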